<?php
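// Admin controller for site pages: lists them, loads one for editing, saves
// (insert or update) and deletes. Runs only inside the application bootstrap
// (IN_ORA defined) and with an "admin" key present in the session.
//
// NOTE(review): $name, $url and $content are still concatenated into SQL as
// quoted string literals. Unless request input is escaped before this file
// runs (not visible here), a quote character in any of them ends the literal
// early. Move these statements to the db layer's parameter binding or escaping
// routine; its API is not visible in this file, so it is not changed here.
// NOTE(review): the save and del actions modify data and no anti-CSRF token
// check is visible in this file; confirm one is enforced upstream.
if(!defined('IN_ORA')) {
	exit('Access Denied');
}
$GLOBALS['__msg_tpl__'] = "admin/msg.html";
session_start();
// Only the presence of the session key is checked, not its value.
if(!isset($_SESSION["admin"])){
	exit('Access Denied');
}
// A missing or empty action falls back to the listing.
$act = (isset($GLOBALS['act']) && $GLOBALS['act'] != "") ? $GLOBALS['act'] : 'list';
$GLOBALS['tpl']->assign('act',$act);
if($act == 'list'){
	$GLOBALS['tpl']->assign('pages',$GLOBALS['db']->getAll('select * from '.tn('pages').' order by id desc'));
}else if($act == 'modify'){
	// FILTER_VALIDATE_INT yields a real int or false, so only an integer can
	// reach the query. is_numeric() also let floats, exponent notation and
	// (on PHP 5) hex notation through to the SQL text.
	$id = filter_var(isset($GLOBALS['_param']['id']) ? $GLOBALS['_param']['id'] : null, FILTER_VALIDATE_INT);
	if($id !== false){
		$page = $GLOBALS['db']->getOne("select ops.*,op.content,op.id as content_id from ".tn("pages")." ops left join ".tn('page')." op on ops.id = op.pid where ops.id = $id");
		if($page){
			$GLOBALS['tpl']->assign('page',$page);
		}else{
			showMsg('未找到记录!');
		}
	}
}else if ($act=='save'){
	// An integer page_id means "update that row"; anything else means "insert".
	$pid = filter_var(isset($_POST['page_id']) ? $_POST['page_id'] : null, FILTER_VALIDATE_INT);
	$name = isset($_POST['name']) ? $_POST['name'] : '';
	if(empty($name)){
		// NOTE(review): presumably showMsg() ends the request; if it returns,
		// the statements below still run with an empty name. Confirm.
		showMsg('请输入页面名称!',$_SERVER['HTTP_REFERER'],1);
	}
	// Both flags are reduced to the integers 0/1 before they reach SQL.
	$ptype = (isset($_POST['ptype']) && $_POST['ptype']=='1') ? 1 : 0;
	$is_nav = (isset($_POST['is_nav']) && $_POST['is_nav']=='1') ? 1 : 0;
	if($ptype === 1){
		// ptype 1: the page record carries a URL and has no content row.
		$url = isset($_POST['url']) ? $_POST['url'] : '';
		if($pid !== false){
			$sql = "update ".tn('pages')." set `name` = '$name',ptype = $ptype , url = '$url',is_nav = $is_nav,dateline = ".time()." where id = $pid";
			$GLOBALS['db']->execute($sql);
		}else{
			$sql = "insert into ".tn('pages')."(`name`,ptype,url,dateline,is_nav) values('$name',$ptype,'$url',".time().",$is_nav)";
			$GLOBALS['db']->execute($sql);
			// Cast so the id that is interpolated below is always an integer.
			$pid = (int)$GLOBALS['db']->getLastInsId();
		}
		// Remove any content row left over from a previous ptype 0 version.
		$GLOBALS['db']->execute("delete from ".tn('page')." where pid = $pid ");
		showMsg('操作成功!',parse_uri('admin_page-list'),1);
	}else{
		// ptype 0: the body is HTML-encoded before storage. The default flags
		// of htmlspecialchars() differ between PHP versions (single quotes are
		// left as-is before 8.1), so this is not a substitute for SQL escaping.
		$content = htmlspecialchars(isset($_POST['content']) ? $_POST['content'] : '');
		$content_id = filter_var(isset($_POST['content_id']) ? $_POST['content_id'] : null, FILTER_VALIDATE_INT);
		if($pid !== false){
			$sql = "update ".tn('pages')." set `name` = '$name',ptype = $ptype,is_nav = $is_nav,dateline = ".time()." where id = $pid";
			$GLOBALS['db']->execute($sql);
		}else{
			$sql = "insert into ".tn('pages')."(`name`,ptype,dateline,is_nav) values('$name',$ptype,".time().",$is_nav)";
			$GLOBALS['db']->execute($sql);
			$pid = (int)$GLOBALS['db']->getLastInsId();
		}
		// Update the existing content row when its id was posted, else insert one.
		if($content_id !== false){
			$sql = "update ".tn('page')." set ptype=$ptype,pid = $pid,content = '$content' where Id = $content_id";
		}else{
			$sql = "insert into ".tn('page')."(ptype,content,pid) values($ptype,'$content',$pid)";
		}
		$GLOBALS['db']->execute($sql);
		showMsg('操作成功!',parse_uri('admin_page-list'),1);
	}
}else if($act == 'del'){
	$id = filter_var(isset($GLOBALS['_param']['id']) ? $GLOBALS['_param']['id'] : null, FILTER_VALIDATE_INT);
	if($id !== false){
		// Delete the page record and its content row together.
		$GLOBALS['db']->execute("delete from ".tn('pages')." where id = $id");
		$GLOBALS['db']->execute("delete from ".tn('page')." where pid = $id");
		showMsg('操作成功!',parse_uri('admin_page-list'),1);
	}else{
		showMsg('非法参数!',parse_uri('admin_page-list'),1);
	}
}
$GLOBALS['tpl']->display("admin/pages.html");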
?>